running as user nobody

George Toft plug-discuss@lists.plug.phoenix.az.us
Thu, 30 Jan 2003 22:27:20 -0500


Lynn David Newton wrote:
> 
> What exactly is the significance of the user nobody?
> I've been seeing it for a decade or more, and have
> never really stopped to figure out why it's there. I
> believe I remember the nobody user being assigned the
> UIDMAX + 1. I think the max on the systems I was using
> was 65535. On RH Linux nobody is uid 99 and has no
> login.
> 
> Fair enough. However, by default, the Apache HTTP
> daemon runs as nobody.nobody, though it can be
> reassigned. I have it running as www.www on my home
> system, and that's how it's set up on our primary
> server at work (running an old version of BSDI). But
> we're setting up a new server on a FreeBSD system, and
> today we were trying to use some scripts that need to
> make directories and transfer files by means of the
> Web, and were getting permission errors. It didn't take
> long to realize that if httpd is running under user
> nobody, it doesn't have much permission to do stuff.
> 
> So what's the usual workaround? I recommended changing
> the User and Group parameters to www in the httpd.conf
> file, which will probably fix the problem, but at the
> same time I'm thinking there's probably a reason they
> set it up running nobody.nobody by default, and that
> there's probably a more elegant and secure way to
> handle the problems I'm seeing.
> 
> --
> Lynn


I am surprised nobody answered this (pardon the pun).

For some really twisted reason, somebody thought running web servers,
LDAP servers, name servers, databases, mail servers, etc. as root was
OK.  It was convenient.  It was easier than doing it right.  It makes
hacking the box so much easier - if you can exploit a vulnerability in a
service, say with a stack smashing attack that gives you a shell, you
now have a shell running with the privileges of the service.  See a
problem here?

So now most services are launched as root to bind to the privileged
port, then they fork off and run as the unprivileged user.

I would suggest sftp to transfer files.  What you were trying to do was
very insecure.

George